Vulston Ransomware

The Vulston Ransomware is a generic encryption Trojan that abuses free encryption technology to make data unreadable on infected systems and propose a decryption tool in exchange for Bitcoin. The Vulston Ransomware was reported for the first time on January 3rd, 2019 and it is suspected to come from the same people behind the Xorist Ransomware. For the time being, there is limited empirical data and very few samples. The Vulston Ransomware is programmed to encipher targeted files, transmit the decryption key in an encrypted package and self-destruct afterward. Thus, reverse-engineering a free decryptor and blocking the Trojan from running is troublesome, to say the least. The Vulston Ransomware is known to encipher images, audio, text, video, and databases like most cyber-threats of the same type. The affected data is renamed to include the '.vulston' extension. For example, 'Hinder-Lips Of An Angel.mp3' is renamed to 'Hinder-Lips Of An Angel.mp3.vulston.' The ransom note is presented on the user's desktop as 'mensagem.txt' and reads:

'At this moment your files are encrypted
and they can not be decrypted without the key's that are set for your computer.
To receive the decryption keys, you have pay 0.18 BITCOIN
You can get bitcoin very easy on this site: www.localbitcoins.com
You have to create an account and to buy 0.18 BITCOIN from a seller located in your city.
Then you have to send the amount at this BTC adress: 1L4da3SCbo9w3Y1F3HoVxjyn7yTTXcWhUw
After that, contact me at this email adress: vuleston@gmx.com
With this subject: KEYS FOR ID [8 random characters]mensagem.
After the payment you will receive the key's to decrypt your files and a tutorial
The key's that are older than 3 days will be automaticaly deleted.
If you don't want to lose your files, please contact me in this 3 days.'

The threat authors are reported to use the 'vuleston@gmx.com' email account for negotiations with victims. The starting price for their "decryption services" is set to 0.18 Bitcoin (682 USD/598 EUR). However, we advise against making contact with the Vulston Ransomware actors. Removing the threat should be a priority, as well as using a reliable backup manager on your system. Cyber threats like the Vulston Ransomware may not be as popular as back in 2017, but they remain a constant and evolving threat in 2019. You should make sure to keep data backups on a memory device that is not connected to your primary machine at all times.